A BitMEX employee who was contacted via LinkedIn by a Lazarus Group-affiliated attacker posing as a Web3 collaborator in May 2025 quickly recognized the phishing attempt and alerted the company’s security team, prompting a full investigation.
Claim
Quotes that support claims
They alerted the security team, who investigated with the objective of understanding how this campaign worked and how to protect ourselves from it.
According to BitMEX, the firm’s targeted employee was able to quickly identify the potential threat and alerted the BitMEX security team, which began an investigation that may have revealed some of Lazarus’ tracking methods and ‘significant lapses in operational security.’
Referenced by
Attack tactics and security response
Crypto news
Data block
